Privacy Policy

1. Controller and contact details
DKCO Attorneys-at-law Ltd
Köpmansgatan 2
AX-22100 Mariehamn

Dan Karlsson
E-mail: dan.karlsson@dkco-law.com
Telephone: +358 (0)20 527 4000

2. DKCO’s processing of personal data
DKCO is a law firm carrying out its business in Finland and on the Åland Islands. DKCO processes personal data in connection with its business, i.a. for the purposes of assignment management, business development and recruitment. We take your privacy seriously, and this privacy policy describes how and in which situations personal data is processed and your rights as a data subject. A set of purposes for which personal data is processed is listed below. However, the purposes applicable to you are ultimately dependent on your role vis-à-vis us. You may be e.g. a visitor of our website, a client, a counterparty or a scholarship holder. The personal data that we are processing about you is hence decided by your activity and our relationship with you.

3. Purposes and lawful basis for processing
In order to develop the products, the services and the business of DKCO, handle client assignments in a suitable way, adhere to applicable legislation etc., DKCO processes personal data mainly for the following purposes and on the following lawful grounds:

  1. Assignment management. When you turn to us for assistance, we need certain personal data to keep in touch with you, a possible counterparty and its opposing counsel, as well as to manage the assignment in a manner we deem best for you. The personal data we need for this purpose varies from case to case, and the lawful bases for processing are the applicable general conditions of service, legislation on attorneys (including guidelines issued by the Finnish Bar Association) and legitimate interests.
  2. Invoicing, payments and debt collection. We naturally need to receive due payments for our services. We handle such payments by invoicing you and keeping track of your payments, which is based on the applicable general conditions. Should we not receive payment, we may turn to debt collection agencies, which is based on legitimate interests.
  3. Handling of client funds and assets. If you hand over funds or assets to us for deposit, we naturally ensure that they are kept separate from our own funds and assets. The funds and assets are kept on separate accounts, which is based on applicable legislation on attorneys (including guidelines issued by the Finnish Bar Association).
  4. Prevention of money laundering and the financing of terrorism. As a law firm, DKCO is obliged to gather information to promote detection and investigation of money laundering and financing of terrorism. Such processing is based on legislation on detecting and preventing money laundering and terrorist financing as well as on legislation on attorneys (including guidelines issued by the Finnish Bar Association).
  5. Conflict of interest checks, assignment and client registration as well as customer relationship maintenance. DKCO’s business is to a great extent strictly regulated, and client and assignment registration as well as conflict of interest checks are part of our obligations. These processing activities are based on legislation on attorneys (including guidelines issued by the Finnish Bar Association) and applicable general conditions.
  6. Product, service and business development. Offering relevant and modern products and services serves both your and our interests, and we want to be in the forefront of the development in the legal field. Personal data that you provide through i.a. your activity on our website or as a client helps us reach these goals. These processing activities are based on legitimate interests.
  7. Newsletters and other types of marketing. We offer many services that we would like you to use, and for this reason we keep you updated on legal news. Newsletters and other types of marketing are therefore ways for us to be more relevant to you, and also these processing activities are based on legitimate interests.
  8. Handling event invitations and registrations. We consider various events to be excellent opportunities to meet new people and connect with professional colleagues, and we naturally would like you to participate. We also need to handle the registration and possible allergies (for the catering). Such processing activities are based on legitimate interests and applicable conditions for the event.
  9. Scholarship applications. DKCO awards future lawyers with an annual scholarship. Handling and evaluating applications, disbursing the payment and announcing the winner requires certain personal data. We base these processing activities on the applicable scholarship conditions and on consent.
  10. Handling relationships with suppliers. When buying products and services from suppliers, we process certain personal data to keep registers of suppliers, evaluate their products and services, follow up on purchases made and handle payments. We need to follow up on the performance of the suppliers in order to continue our relationship with the best ones. This is based on performance of a contract and legitimate interests.
  11. A smooth visit on our website. Both you and we are interested in a website that is quick to use and suited to your preferences, which in turn is supported by the website being smooth and user-friendly. These processing activities are based on legitimate interests.
  12. Handling job applications, evaluating applicants, possible interviews and applicant selection. DKCO may use your personal data to maintain contact with you, evaluate if your experience is suited for DKCO, arrange interviews with you as well as use certain basic personal data as the basis of a possible contract of employment. The processing is based on DKCO’s legitimate interests. In certain limited situations the processing is based on your consent (e.g. if we use personal data collected from third parties in the recruitment process).

In terms of processing activities that are based on legitimate interest, DKCO has done balancing tests between your interests, your fundamental rights and our interests. In many situations our interests and your interests are aligned, but we have, based on the interest balancing tests, nevertheless limited the personal data, retention periods and other processing activities to what is necessary for the specific purpose.

4. Categories of personal data
The categories of personal data processed vary depending on the type of data subject in question. The categories of personal data are the following:

  1. Technical user data, such as cookies, IP addresses, language settings, data on geographical location, software and hardware versions, which subsites you have visited on our website as well as likes and comments on our social media channels.
  2. Basic (contact) information, such as name, e-mail address, postal address, postal code, town/city and website.
  3. Data on your job position, such as employer, title and field of business.
  4. Event registrations and possible diets and allergies.
  5. Marketing consents and bans.
  6. Consents.
  7. Fields of interest and which types of newsletters you would like to receive.
  8. Social security number.
  9. Client data, such as natural or legal person, office in charge, DKCO’s person in charge, conflict of interest data, field of business and client number.
  10. Assignment data, such as lawyer in charge of handling the assignment, conflict of interest data, assignment number, branch of law, counterparties, opposing counsels, contact persons to i.a. insurance companies and public authorities as well as other information that you provide for the assignment.
  11. Payment data, such as fee quotes, invoice amount, paid amounts, outstanding amounts, invoice date, due date of payment, reminders, contact person and bank account numbers.
  12. Data on client funds and assets, such as amount, kind and retention time.
  13. Data for the prevention of money laundering and the financing of terrorism. Data processed for the prevention of money laundering and the financing of terrorism is listed in the applicable legislation. Such data include e.g. name, date of birth and social security number, name, date of birth and social security number of representatives as well as names, date of birth and nationality of members of the board or corresponding executive bodies of the company.
  14. Examinations, experience, knowledge and other work related data, such as current and past positions, grades, transcript of studies, references and their evaluations, IT, language and other proficiencies, aptitude assessments, salary demands and expectations, and other information.
  15. Pictures, such as pictures of students and scholarship holders.

The personal data processed by DKCO has been limited to what is necessary for the specific purpose. DKCO needs certain personal data to perform various tasks according to applicable legislation and conditions of service. You are entitled not to provide this personal data to us, but in such case we cannot guarantee the delivery of our products and services in the best possible manner or at all. For example, we cannot commence an assignment unless you provide us with the personal data we need to do conflicts of interest checks, investigate risks for money laundering and financing of terrorism or other personal data that we need for carrying out your assignment.

5. Sources
Personal data is first and foremost collected from yourself, e.g. when we investigate risks for money laundering and financing of terrorism, when you contact us and need our assistance, when you inform us about diets for events or when you apply for our scholarship. Personal data is also generated by your own activities on e.g. our website or social media channels. In many situations we can save you the trouble of providing all personal data to us yourself by collecting it from third parties. Among other public registers, we often collect personal data from the trade register maintained by the Finnish Patent and Registration Office for client registrations, assignment registrations and the prevention of money laundering and financing of terrorism. We may also collect personal data from the website of your employer. For the assignment management, we collect the personal data we need, which varies from assignment to assignment and which may be collected from third parties. As another example, DKCO may obtain evaluations from the references you have listed in your job application.

6. Categories of recipients
DKCO mainly processes personal data within the company and for its own purposes. However, certain situations require that personal data is disclosed to third parties. For example, DKCO arranges certain events in co-operation with other organisations, and personal data may hence be disclosed to the other event organisers or catering companies. We also work together with several business service organisations, and personal data may from time to time be disclosed to such organisations to facilitate the processing of personal data for our own purposes.

Assignment management often requires disclosure of personal data to third parties. As an assignment often involves counterparties, opposing counsels, public authorities, banks and insurance companies, personal data may need to be disclosed to such parties. Personal data may also be disclosed for obtaining expert advice. Applicable legislation on the prevention of money laundering and the financing of terrorism obliges DKCO to disclose personal data to the Financial Intelligence Unit under certain conditions. As another example, DKCO may use third parties for job applicants’ aptitude assessments.

7. Storage period
DKCO stores personal data as long as it is necessary for the purpose for which it was collected. The storage period varies depending on the categories of personal data and the purposes it was collected for. E.g. we store cookies and other personal data collected through your activities on our website and social media channels as long as we need them for developing our products, services and business. This varies, but they are typically stored up to a couple of years. You can change the settings of your web browser to prevent cookies from being stored as well as erase cookies in your web browser. DKCO does not store cookies after they have been deleted.

Personal data needed for sending newsletters is stored as long as DKCO deems that you may be interested in DKCO’s products and services. This may be dependent on e.g. how your position in the company changes or if you change workplace. Personal data processed for events is, as a main rule, only stored until the event is finished. DKCO may however store personal data for longer periods to follow up on your views on the event and to let DKCO know whether you are interested in similar future events.

DKCO stores personal data for registering and maintaining client relationships as long as you are a client, and thereafter in accordance with the guidelines of the Finnish Bar Association or other applicable rules. The same principles apply to personal data storage in terms of assignment management and the handling of client funds and assets. Personal data for conflict of interest checks is however stored longer, since we need such personal data for future conflict checks. Personal data on payments, invoicing and debt collection is stored until the payment has been received, and thereafter as long as necessary for sorting out possible claims.

The storage time for personal data processed for the prevention of money laundering and the financing of terrorism is according to applicable legislation five years after a client relationship has been terminated. In addition, DKCO adheres to other applicable legislation that regulates storage time, e.g. legislation on accounting. How long personal data in terms of recruiting is stored is dependent on whether the application process has a fixed time table or is open. After the application process is finished, we store personal data at least for a year to be able to get back to the data subject if new recruitment needs arise.

8. Transfer of personal data outside the EEA
DKCO processes your personal data mainly within the EU and the EEA. However, due to technical reasons, DKCO may need to transfer certain personal data to third countries where the level of personal data protection may be lower than within the EU and the EEA. If there is no adequacy decision by the EU Commission for the third country in question, the personal data protection is ensured by other appropriate safeguards. Such safeguards are principally standard data protection clauses adopted by the EU Commission, and you will find more information on the matter at https://ec.europa.eu/info/law/law-topic/data-protection_en.

9. The rights of the data subject
You have the right to request access to your personal data as well as rectification and erasure of your personal data. You also have the right to request restriction of and to object to the processing of your personal data. Further, you have the right to data portability. The scope of such rights is determined according to the general data protection regulation and other applicable legislation.

You may access and erase cookies, and adjust certain other technical data, in your web browser, smartphone or other device you may use. In other cases, a request or objection shall be sent to DKCO’s contact person stated above.

According to applicable legislation on attorneys (including guidelines issued by the Finnish Bar Association), DKCO is bound by professional obligations on confidentiality and secrecy for the benefit of the client, as well as by obligations on secrecy in connection with the prevention of money laundering and the financing of terrorism. This may restrict i.a. your right to access your personal data or to obtain a confirmation as to whether personal data concerning you are being processed.

10. Consents
The processing of certain personal data is based on your consent. In such cases you always have the right to withdraw your consent. I.a. in terms of cookies, you have the right to change your web browser settings to prevent it from creating cookies.

11. Right to lodge complaints with the supervisory authority
You have the right to lodge a complaint against DKCO’s processing of personal data with the supervisory authority. The authority supervising DKCO’s processing of personal data on the Åland Islands and in Finland is the Office of the Data Protection Ombudsman (www.tietosuoja.fi). You may also lodge a complaint with the supervisory authority in your country of residence.

12. Profiling and automated decision-making
DKCO does not use automated decision-making, including profiling.